In case of non-compliance with the GDPR, the CNIL (National Commission for Informatics and Freedoms) is empowered to take deterrent measures as well as penalties against offenders. It can be a fine of varying degrees, which can sometimes reach 4% of the turnover of the company in question.
Thus, companies that leak important data about their customers can be severely penalized. For example, the German network "Knuddels" was forced to pay more than 20,000 euros following the leakage of more than 2.6 million user dates. For more information on the GDPR and penalties, it is best to consult an expert.
The different administrative sanctions
In case of non-compliance with the GDPR, the CNIL (National Commission for Informatics and Freedoms) is empowered to take deterrent measures as well as penalties against offenders. It can be a fine of varying degrees, which can sometimes reach 4% of the turnover of the company in question.
Thus, companies that leak important data about their customers can be severely penalized. For example, the German network "Knuddels" was forced to pay more than 20,000 euros following the leakage of more than 2.6 million user dates. For more information on the GDPR and penalties, it is best to consult an expert.
Criminal penalties in France
Member States of the European Union can put in place criminal penalties in case of non-compliance with the GDPR by an organization or a company. In the case of France, we can note the application of article 226-16 of the Penal Code. In this provision, it is foreseen that the fine can reach up to more than 300,000 euros.
If the fault was committed by an actual person, the law also provides for imprisonment which can range from 1 to 5 years..
Damages and interest in case of non-compliance with the GDPR
In case of a significant personal data leakage, those responsible may be required to pay a sum as compensation for the damage caused to the victims. The amount to be paid in this case varies according to the requests of the applicants. Thus, this is an additional penalty which depends on legal action by the victims. This may result in the payment of substantial damages.
In any case,the non respect of personal data protection measures by companies, individuals or organizations is sanctioned by positive law.